Health Care Facilities Targeted in a Wave of Ransomware Attacks

Most of us are familiar with ransomware, at least in theory, if not from personal experience, but other than complaints of paying for data held hostage, we haven’t seen how damaging ransomware can be.

The series of attacks on hospitals, therefore, has been eye-opening. In general, cyberattacks on the health care industry don’t grab headlines quite the way they did before because they have become so commonplace. That’s not to say the situation isn’t serious and that health care should be shirking its duties in cybersecurity. Rather, it happens so much that we don’t pay as much attention as we probably should. However, the other night as I watched the news, I saw a segment about the ransomware attack that essentially caused a network blackout for hospitals in the MedStar Health chain. The news program showed an emergency room with dark computer monitors and staff scrambling to process patient information by hand. There were also reports of patients being turned away due to the attack. An eSecurity Planet article reported that four other hospitals were affected, adding that in at least one hospital:

the malware used was the Locky ransomware, which was delivered by email and spread from the initial infected computer to others on the network, prompting the hospital to shut down all desktops until each one could be scanned for malware.

As is the case in many ransomware attacks, the criminals want payment in bitcoin. And this epidemic of attacks has the FBI looking into the problem.

So what’s going on? Why are we seeing this type of activity targeting the health care sector and what is different? In an email from Trustwave security researchers, I was told that criminals are turning to ransomware more frequently for three primary reasons:

It’s easy to get their hands on: Exploit kits that deliver ransomware are readily available, and are some of the easiest attacks to execute, because the work is already done for the criminal. Even amateur criminals can make expert hacker money by the use of these tools.

It’s easy to execute: Criminals can deploy their exploit in a flash, and see major payouts. Why should a hacker spend their time on a time-intensive, low-return attack such as DDoS? For an investment of $5,900 for a one-month ransomware campaign, a criminal can profit approximately $90,000 a month. If the same investment was made every month for one year, the return would add up to $900,000 in gross revenue.

Justin Moore, CEO with Axcient, added that with computer networks being the vulnerable gateway to valuable and hyper-sensitive patient data, hackers are stepping up their game and attack strategy. Via email, he commented:

Hackers have a giant bullseye on the health care sector right now, because they know that many organizations still rely on simplistic, dated approaches to cybersecurity. Fact is, many organizations have already been breached, and the only way to both prevent and withstand attacks is by taking a multilayered approach. IT resiliency today involves implementing protections for the organization, protecting related communities and supply chains from attack and then stopping existing attacks before they become breaches. Until CIOs hit all three objectives, they’ll remain easy pickings for hackers.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba.